Question
We are using URL Rewrite module to force the login sectoin of our website over https while keeping all the other section on http. These are the two rules that we have added
https://stackoverflow.com/questions/19731626
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <rule name="Others Force HTTP" enabled="true" stopProcessing="true">
<match url="(((.*)/LogOn)|((.*)/Content(.*))|((.*)/Images(.*))|((.*)/Scripts(.*)))" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Redirect" url="http://{SERVER_NAME}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="Force on SSL" enabled="true" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
<add input="{REQUEST_URI}" pattern="^/users/account/LogOn(\?.*)*$" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}{PATH_INFO}" redirectType="Permanent" />
</rule>
However with these rules Internet Explorer shows the prompt that some of the content was not delivered over secured connection whereas Google chrome does not fetch any of the stylesheet, images etc.
Fiddler shows that the web server is redirecting all requests to /Content /Images etc. over HTTP which the IIS server shouldn't do as per the first rule.
We are at our wits ends trying to resolve this problem. Some help would be greatly appreciated.
Solution
Nikhil,
Ignoring the HTTPS to http redirection rule "Others Force HTTP" for images and stylesheets would solve this, you can rewrite your condition like this
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^ON$" />
<add input="{REQUEST_URI}" pattern="^/Content*" negate="true" />
</conditions>
Note: You can remove the url matching condition for the contents folder
Hope this helps.
